#!/bin/bash
#### Initialize the system
### by leman
### 2019.10.11

# Turn swap off for the running system, then comment out the
# /dev/mapper/centos-swap entry in /etc/fstab so it stays off after a reboot.
echo "关闭swap分区"
swapoff -a
# '&' re-inserts the matched device path, so the entry just gains a leading '#'.
sed -i 's|/dev/mapper/centos-swap|#&|g' /etc/fstab

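# Stop firewalld now and keep it from starting at boot.
# NOTE(review): once firewalld is off, this script installs no replacement
# packet filter; inbound exposure of the node then depends on whatever filtering
# exists outside the host (security groups, network ACLs) - confirm that is in
# place before running this on a reachable machine.
echo "关闭防火墙"
systemctl stop firewalld
systemctl disable firewalld > /dev/null

# Switch SELinux to permissive for the running system and persist the same mode.
# setenforce 0 only makes the live system permissive, so the config file is set
# to permissive as well (not disabled): the policy stays loaded, files keep
# their labels, and AVC denials are still recorded in the audit log, which keeps
# them available for detection and for a later return to enforcing.
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config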

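# Install wget unless the package is already present.
# rpm -q checks the exact package name; grepping the output of "rpm -qa" would
# also count any unrelated package whose name merely contains "wget".
echo "安装wget工具"
if rpm -q wget > /dev/null 2>&1; then
	echo "wget 已经安装"
else
	yum install wget -y > /dev/null
fi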

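# Archive the stock CentOS repo definitions, then remove them.
# The originals are deleted only after tar has succeeded, and an archive left
# by an earlier run is never overwritten: on a second run the CentOS-*.repo
# glob would match the replacement CentOS-Base.repo and the only copy of the
# vendor-supplied definitions would be lost.
echo "备份yum源"
repo_backup=/etc/yum.repos.d/CentOS-bk.tar.gz
if [ -e "$repo_backup" ]; then
	echo "backup ${repo_backup} already exists, keeping it" >&2
elif tar -zcvf "$repo_backup" /etc/yum.repos.d/CentOS-*.repo; then
	rm -f /etc/yum.repos.d/CentOS-*.repo
else
	# Drop a partial archive so a later run does not mistake it for a good backup.
	rm -f -- "$repo_backup"
	echo "backup of /etc/yum.repos.d/CentOS-*.repo failed, stock repo files left in place" >&2
fi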

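# Install the Aliyun mirror repo definitions for CentOS 7 base and EPEL.
# The files are fetched over HTTPS: a repo definition decides which servers and
# which GPG keys yum will trust, so it must not travel over a channel that can
# be modified in transit.
# NOTE(review): the downloaded files set their own baseurl/gpgcheck/gpgkey
# values - inspect them after download; this script does not validate them.
echo "配置阿里源"

# Download $1 to $2 via a temporary file so a failed or partial transfer never
# replaces (or truncates) an existing repo definition.
fetch_repo() {
	local url=$1 dest=$2 tmp
	tmp=$(mktemp "${dest}.XXXXXX") || return 1
	if wget -q -O "$tmp" "$url"; then
		# mktemp creates the file with mode 0600; repo files are world-readable.
		chmod 644 "$tmp"
		mv -f -- "$tmp" "$dest"
	else
		rm -f -- "$tmp"
		echo "failed to download ${url}" >&2
		return 1
	fi
}

fetch_repo https://mirrors.aliyun.com/repo/Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo
fetch_repo https://mirrors.aliyun.com/repo/epel-7.repo /etc/yum.repos.d/epel.repo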

# Install common command-line networking tools; yum's stdout is discarded.
echo "安装curl net-tools telnet"
common_tools=(curl net-tools telnet)
yum install -y "${common_tools[@]}" >/dev/null

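# Configure the docker-ce yum repository.
echo "配置docker源"

# yum-utils provides yum-config-manager, used below; device-mapper-persistent-data
# and lvm2 are installed in the same transaction.
echo "安装yum源工具包"
yum install -y yum-utils device-mapper-persistent-data lvm2 > /dev/null

# Add the docker-ce repo definition from the Aliyun mirror over HTTPS. The file
# names the package servers and signing keys yum will trust for Docker, so
# fetching it over plain HTTP would let anyone on the path substitute both.
echo "配置docker-ce源"
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo > /dev/null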

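### Kubernetes package repository
# Write the Aliyun mirror repo definition for Kubernetes.
# - The file is overwritten ('>'), not appended to, so re-running the script
#   does not leave a duplicated [kubernetes] section behind.
# - gpgcheck=1 makes yum verify package signatures; with gpgcheck=0 any package
#   served from (or injected in front of) the mirror is installed as root
#   without verification.
# NOTE(review): the gpgkey URLs are the key files the mirror publishes next to
# this repository; compare their fingerprints with the upstream Kubernetes
# packaging keys before accepting the first import.
echo "添加k8s阿里源"
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF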

# Drop yum's cached metadata and rebuild it from the repositories configured
# above; stdout of both commands is discarded.
echo "更新缓存"
{
	yum clean all
	yum makecache fast
} >/dev/null

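# Remove any previously installed Docker packages.
# -y answers yum's confirmation prompt: stdout is discarded here, so without it
# the prompt is invisible and the script blocks on stdin whenever one of these
# packages is installed. The glob is quoted so yum expands it against package
# names instead of the shell expanding it against files in the current directory.
echo "卸载旧版docker"
yum remove -y docker-ce 'docker*' docker docker-common container-selinux docker-selinux docker-engine > /dev/null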


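# Kernel tuning: append the settings below to /etc/sysctl.d/k8s.conf.
# The heredoc delimiter is quoted so the text is written literally, and the
# body holds only sysctl keys and comments - a shell command line inside it
# would be written to the file as an entry sysctl cannot parse.
# The NOTE(review) lines inside the heredoc are written into k8s.conf next to
# the keys they describe.
echo "内核优化"
cat >> /etc/sysctl.d/k8s.conf << 'EOF'
kernel.core_uses_pid=1
kernel.pid_max=4194303
# NOTE(review): a value > 0 makes Ctrl-Alt-Del reboot the machine immediately
# without syncing; 0 hands the key sequence to init for a clean restart.
kernel.ctrl-alt-del=1
# kernel.core_pattern = /disk/ssd00/cores/core

kernel.msgmnb=65536
kernel.msgmax=65536
kernel.shmmni=4096
kernel.shmmax=8589934592
kernel.shmall=8589934592
kernel.sem=250 32000 100 128

# Increase number of incoming connections
net.core.somaxconn=65535
net.core.rmem_default=8388608
net.core.wmem_default=8388608
net.core.rmem_max=33554432
net.core.wmem_max=33554432
net.core.dev_weight=512
net.core.optmem_max=262144
net.core.netdev_budget=1024
net.core.netdev_max_backlog=300000

net.ipv4.neigh.default.gc_thresh1=10240
net.ipv4.neigh.default.gc_thresh2=40960
net.ipv4.neigh.default.gc_thresh3=81920

# for lvs tunnel mode
net.ipv4.conf.all.proxy_arp=0

# http://blog.clanzx.net/2013/10/30/arp-filter.html
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_filter=1
net.ipv4.conf.default.arp_filter=1

# NOTE(review): 0 turns off reverse-path source validation (anti-spoofing).
# Prefer 1 (strict) or 2 (loose) unless the network plugin in use needs 0.
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

# https://mellowd.co.uk/ccie/?tag=pmtud
# Warning,if MTU=9000 set 1, else 0 is good
net.ipv4.tcp_mtu_probing=0
net.ipv4.ip_no_pmtu_disc=0

net.ipv4.tcp_slow_start_after_idle=0
# Do not cache metrics on closing connections
net.ipv4.tcp_no_metrics_save=1
# Protect Against TCP Time-Wait
net.ipv4.tcp_rfc1337=1

net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0

net.ipv4.ip_forward=1
net.ipv4.ip_nonlocal_bind=1
net.ipv4.ip_local_port_range=9000 65535
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1

# NOTE(review): tcp_tw_recycle and tcp_tw_reuse further down rely on TCP
# timestamps, which this line switches off.
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_rmem=4096 102400 16777216
net.ipv4.tcp_wmem=4096 102400 16777216
net.ipv4.tcp_mem=786432 1048576 1572864
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_syn_retries=3
net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_retries1=3
net.ipv4.tcp_retries2=5
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_max_syn_backlog=262144
net.ipv4.tcp_max_orphans=262144

net.ipv4.tcp_frto=2
net.ipv4.tcp_thin_dupack=0
net.ipv4.tcp_reordering=3
net.ipv4.tcp_early_retrans=2

# NOTE(review): with timestamps enabled, tcp_tw_recycle drops connections from
# clients that share a NAT address; the key was removed in Linux 4.12, so newer
# kernels reject it.
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_keepalive_time=30
net.ipv4.tcp_keepalive_intvl=30
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_max_tw_buckets=300000
net.ipv4.tcp_congestion_control=cubic

vm.swappiness=0
vm.dirty_writeback_centisecs=100
vm.dirty_expire_centisecs=200
vm.dirty_background_ratio=0
vm.dirty_background_bytes = 209715200
vm.dirty_ratio=40
vm.dirty_bytes = 0
vm.overcommit_memory=1
vm.overcommit_ratio=50
vm.max_map_count=262144

fs.file-max=262144
fs.aio-max-nr=1048576
fs.inotify.max_user_watches=102400
fs.inotify.max_user_instances=1024
EOF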

# Create an executable one-line script that loads br_netfilter, load the module
# for the running kernel, then apply the settings in /etc/sysctl.d/k8s.conf.
br_netfilter_script=/etc/sysconfig/modules/br_netfilter.modules
printf '%s\n' 'modprobe br_netfilter' > "$br_netfilter_script"
chmod 755 "$br_netfilter_script"

modprobe br_netfilter

# Only stdout is discarded; parse errors reported by sysctl still reach stderr.
sysctl -p /etc/sysctl.d/k8s.conf >/dev/null

echo "系统初始化完成"
